CVE-2024-50603 Overview
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
Critical Impact
This vulnerability allows unauthenticated remote code execution, potentially leading to full control over the impacted system.
Affected Products
- Aviatrix Controller 7.1.4191
- Aviatrix Controller 7.2.x before 7.2.4996
Discovery Timeline
- 2025-01-08 - CVE CVE-2024-50603 published to NVD
- 2025-11-05 - Last updated in NVD database
Technical Details for CVE-2024-50603
Vulnerability Analysis
This vulnerability arises from improper input sanitization in Aviatrix Controller API endpoints, which allows shell command injection through unsanitized input fields. Specifically, the issue occurs when special shell metacharacters are included in parameters that are supposed to be passed as text arguments.
Root Cause
The root cause is the inadequate neutralization of special characters in the parameters cloud_type and src_cloud_type in API commands, leading to possible command execution on the host system.
Attack Vector
The attack can be launched remotely over the network by sending specially crafted HTTP requests to the vulnerable API endpoints.
# Example exploitation code (sanitized)
import requests
url = "http://vulnerable-controller/api"
data = {"cloud_type": "; rm -rf / #"} # Malicious command injection
response = requests.post(url, data=data)
print(response.content)
Detection Methods for CVE-2024-50603
Indicators of Compromise
- Unusual commands executed in system logs
- Unexpected outbound connections
- Unrecognized modifications to system configuration files
Detection Strategies
Utilize intrusion detection systems (IDS) to monitor for specific API call patterns that include suspicious shell metacharacters. Leverage logs to identify abnormal HTTP requests to the vulnerable endpoints.
Monitoring Recommendations
Consistently review Aviatrix Controller logs for indications of command injections. Implement network traffic analysis tools to flag anomalous API requests.
How to Mitigate CVE-2024-50603
Immediate Actions Required
- Update to Aviatrix Controller versions 7.1.4191 or 7.2.4996 or later
- Restrict network access to the API endpoints
- Implement input validation and sanitation measures
Patch Information
The vendor has released patches in versions 7.1.4191 and 7.2.4996 to address this vulnerability. Refer to Aviatrix PSIRT Advisories for details.
Workarounds
Apply ingress and egress filtering at network boundaries to limit potential command injection attempts. Implement strict input validation on client-side applications interfacing with the Aviatrix Controller API.
# Configuration example
iptables -A INPUT -p tcp --dport 443 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
